Re: [dmarc-ietf] Signaling MLMs

Hector Santos <hsantos@isdg.net> Sat, 15 April 2023 14:52 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: dmarc@ietfa.amsl.com
Delivered-To: dmarc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CB6BBC152574 for <dmarc@ietfa.amsl.com>; Sat, 15 Apr 2023 07:52:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b="gzO68dWv"; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b="HiyfZQ/7"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PgfFWfObbqUK for <dmarc@ietfa.amsl.com>; Sat, 15 Apr 2023 07:52:21 -0700 (PDT)
Received: from mail.winserver.com (mail.winserver.com [3.137.120.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 20131C1526ED for <dmarc@ietf.org>; Sat, 15 Apr 2023 07:52:20 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha256; c=simple/relaxed; l=7104; t=1681570335; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:From:Message-Id:Subject: Date:To:Organization:List-ID; bh=++sFM5Qz/CiBM4zHI36/0YcH0gFyOxd yYJ4w1H8zcck=; b=gzO68dWv28XWYyQUiW2zRtJrZkeWym2rz4x49bvLLqvg5sY uS9S9gusLwUeJJEFpNRhAbtrYNqWzeBn+YpV+poP+yPFEykxhdqkf71ipQyLjxrP 0mh/foWNs6G19taOQLNPO4ZsNB273xYkKkIdlMZr9jkwwK8pckoDYLz/N+sk=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.13) for dmarc@ietf.org; Sat, 15 Apr 2023 10:52:15 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com; dmarc=pass policy=reject author.d=isdg.net signer.d=beta.winserver.com (atps signer);
Received: from beta.winserver.com ([3.132.92.116]) by winserver.com (Wildcat! SMTP v8.0.454.13) with ESMTP id 1963131770.1.5144; Sat, 15 Apr 2023 10:52:15 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=7104; t=1681570333; h=Received:Received:From: Message-Id:Subject:Date:To:Organization:List-ID; bh=++sFM5Qz/CiB M4zHI36/0YcH0gFyOxdyYJ4w1H8zcck=; b=HiyfZQ/75lCQsTTtXlU1e6CE7hF/ 088pcTRZra+muU1ityLF4rEZXca7AVNPWRHHrRfNzfK/6z5il4Et22B18jwKVfYz hm+NxKGPpMnXdyBorqTVWl8JWqpYyF/D9ouNGof+nIofMadgmdMeMglEipMYnpML TjF6xf3JBOVsahU=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.12) for dmarc@ietf.org; Sat, 15 Apr 2023 10:52:13 -0400
Received: from smtpclient.apple ([99.122.210.89]) by beta.winserver.com (Wildcat! SMTP v8.0.454.12) with ESMTP id 2409167816.1.18444; Sat, 15 Apr 2023 10:52:12 -0400
From: Hector Santos <hsantos@isdg.net>
Message-Id: <5DAE096A-B547-4569-A3C6-34ED9EC91B2D@isdg.net>
Content-Type: multipart/alternative; boundary="Apple-Mail=_233E7B7F-26B9-4B2D-9569-280ED9515D93"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.400.51.1.1\))
Date: Sat, 15 Apr 2023 10:52:00 -0400
In-Reply-To: <CAJ4XoYf4Oac61J41FaSi4PCNwpFiOhWm90TwasNvrp91yeW1UQ@mail.gmail.com>
Cc: Hector Santos <hsantos=40isdg.net@dmarc.ietf.org>, Douglas Foster <dougfoster.emailstandards@gmail.com>, "Murray S. Kucherawy" <superuser@gmail.com>, Alessandro Vesely <vesely@tana.it>, IETF DMARC WG <dmarc@ietf.org>
To: Dotzero <dotzero@gmail.com>
References: <CAL0qLwZc2X7tyP+_8vvL3Yb7uJk6td3XGbsXUB68BNUEMhV4yQ@mail.gmail.com> <8d970e6b-8fa7-da85-5c47-d485abbc43be@crash.com> <CAL0qLwZJjBq0T8kODJifTT10ttJJE2Bof5kJZACRTwyauzwQ6A@mail.gmail.com> <CAJ4XoYcHeFe0kS9QHz4fP5TbOMOiW8mJaiNYx+Yk8keZYW-yDQ@mail.gmail.com> <b6a2b444-de02-9833-fe7b-fc9ad542f900@tana.it> <CAL0qLwYwcXTBzqd=3sKwtZJUsEYO5kfv9V-CZtVHz2TQ78v=0g@mail.gmail.com> <909C826B-2745-4BE8-AD16-920E6DE86D1C@kitterman.com> <329db752-fdeb-7633-ede1-06e435db1c0e@tana.it> <CAL0qLwa=cA7426zgNJQFDBBqOKA6KXyBGAE4TOy=C+c9+JUY3A@mail.gmail.com> <168596BD-B688-4AF6-87E8-B25F9D2BD663@isdg.net> <CAH48Zfx0yXefioHoQi_Jq6hbMotcQZsDAhD5cXuBTRSxn2wXbA@mail.gmail.com> <C134972F-EAEA-4FA4-B65A-24B53338E5DD@isdg.net> <CAJ4XoYf4Oac61J41FaSi4PCNwpFiOhWm90TwasNvrp91yeW1UQ@mail.gmail.com>
X-Mailer: Apple Mail (2.3731.400.51.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/c1g2Oyy5HgEhb2Ja4mHsMxcH7aw>
Subject: Re: [dmarc-ietf] Signaling MLMs
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 15 Apr 2023 14:52:25 -0000


> On Apr 14, 2023, at 7:31 PM, Dotzero <dotzero@gmail.com> wrote:
> 
> On Fri, Apr 14, 2023 at 5:55 PM Hector Santos <hsantos@isdg.net> wrote:
>> Yes, it is simple De Morgan's Theorem where you use short-circuiting logic.
>> 
>> DMARC says that any FAIL calculated via SPF or DKIM is an overall DMARC failure.  In standard Boolean logic it is an OR condition:
>> 
>> IF SPF FAILS or DKIM FAILS Then Reject.
> 
> You have it absolutely backwards.
> 
> DMARC says if either (aligned) SPF validates or (aligned) DKIM validates, it passes.

Hi Mike, 

Appreciate your comment. 

This OR gate logic will short-circuit DKIM with SPF validating.  Optimizing means not processing the payload and just issuing a 250, which is 'absolutely' not what we want.  In fact, DMARC logic is an AND gate of two protocols; one standard, one informational with some controversial constraints (alignment).  I think you may have meant:

SPF predates ADSP/DMARC. It is a 5321 level technology.  It is not a payload 5322 technology.   Interestingly, you might be thinking in terms of SenderID which was a 5322 technology which offers SPF with the PRA (5322.From) as a new identity to evaluate.  

I know it's hard to believe for many, but there is still a good percentage of domains that do not do ADSP or DMARC and maybe not even DKIM.  Just consider platforms using Integrated Mail Bots to automate things, who don't need the overhead.  SPF is good enough.

Using Pareto, SPF is the only thing needed for a hard reject policy (-ALL).  DMARC is useless at this point unless you want it to override SPF hardfail rejects and record and send reports.  That would be a local policy.  An implementation detail.

Over 88% of the time, when SPF fails, DKIM/ADSP/DMARC, if available, would also fail.  So the payoff is high to short-circuit, and lowered when you needlessly transfer a potentially large and harmful payload.

But for SPF soft failures (~ALL), that is when the interest in coupling SPF soft fail results with ADSP results got traction.

SPF verifiers will pass SPF weaker policy results in meta-header data, and that meant the payload protocol can help here.  Microsoft explored this method and had a secret sauce to determine how soft failures can be coupled with ADSP results.

DMARC never considered partial results.  DMARC sees SPF as a pass, not soft-fail.  So if DKIM passes and all four (4) domain identities are aligned, the transaction passes.  That's an AND gate, and you don't even need to process SPF or do DKIM validation if the domains do not align.

—
HLS
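As an added example, not part of the message above or of any DMARC WG text, here is the evaluation RFC 7489 actually specifies, in Python: a message passes DMARC when an aligned SPF pass or an aligned DKIM pass exists (section 3.1 identifier alignment, relaxed or strict per aspf/adkim); only an SPF "pass" counts, so softfail and neutral are treated as not-pass; and alignment can be decided from the signature d= and the MailFrom domain before any verification, which is the point at which a verifier may legitimately skip work. The suffix list is a constructed stand-in for the Public Suffix List, the sample input is constructed from this message's own headers, and pct/sp handling is left out.

```python
"""DMARC disposition per RFC 7489 (added example, not from the thread).
The organizational-domain lookup uses a tiny constructed suffix list;
a real verifier must use the full Public Suffix List."""
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed stand-in for the Public Suffix List (assumption for the example).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def organizational_domain(domain: str) -> str:
    """Public suffix plus one label, e.g. beta.winserver.com -> winserver.com."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return domain.lower()


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """RFC 7489 section 3.1: strict ('s') = exact match,
    relaxed ('r') = same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return organizational_domain(a) == organizational_domain(f)


@dataclass
class DkimResult:
    d: str        # d= domain of the signature
    result: str   # "pass", "fail", "temperror", ...


@dataclass
class AuthResults:
    from_domain: str                  # RFC5322.From domain
    spf_domain: Optional[str]         # RFC5321.MailFrom (or HELO) domain SPF checked
    spf_result: Optional[str]         # "pass", "softfail", "fail", "neutral", "none"
    dkim: List[DkimResult] = field(default_factory=list)


@dataclass
class DmarcPolicy:
    p: str = "none"     # none | quarantine | reject
    adkim: str = "r"    # r | s
    aspf: str = "r"     # r | s


def could_align(res: AuthResults, pol: DmarcPolicy) -> bool:
    """Pre-check that needs no signature or SPF verification: if neither the
    MailFrom domain nor any d= domain aligns with RFC5322.From, DMARC cannot
    pass whatever SPF and DKIM later return."""
    if res.spf_domain and aligned(res.spf_domain, res.from_domain, pol.aspf):
        return True
    return any(aligned(sig.d, res.from_domain, pol.adkim) for sig in res.dkim)


def dmarc_evaluate(res: AuthResults, pol: DmarcPolicy) -> dict:
    """RFC 7489: pass if (aligned SPF pass) OR (aligned DKIM pass).
    Only an SPF 'pass' counts; softfail/neutral/none are not-pass."""
    spf_ok = (res.spf_result == "pass" and res.spf_domain is not None
              and aligned(res.spf_domain, res.from_domain, pol.aspf))
    dkim_ok = any(sig.result == "pass" and aligned(sig.d, res.from_domain, pol.adkim)
                  for sig in res.dkim)
    if spf_ok or dkim_ok:
        return {"dmarc": "pass", "spf": spf_ok, "dkim": dkim_ok, "disposition": "none"}
    return {"dmarc": "fail", "spf": spf_ok, "dkim": dkim_ok, "disposition": pol.p}


def demo() -> dict:
    # Constructed input modelled on this message's own headers: author domain
    # isdg.net with p=reject, SPF evaluated on the relay's MailFrom domain,
    # and two valid DKIM signatures, one by the author and one by the relay.
    res = AuthResults(
        from_domain="isdg.net",
        spf_domain="winserver.com", spf_result="pass",
        dkim=[DkimResult("isdg.net", "pass"),
              DkimResult("beta.winserver.com", "pass")],
    )
    return dmarc_evaluate(res, DmarcPolicy(p="reject"))


if __name__ == "__main__":
    print(demo())
```

In the demo the SPF pass on winserver.com does not align with isdg.net, so only the author-domain DKIM signature carries the verdict; the typical mailing-list case in the thread subject (list re-signs with its own domain, original signature broken by footer or subject changes) evaluates to fail and inherits p=.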